---
layout: docs
page_title: IBM Db2 - Database - Credentials
description: |-
  Manage credentials for IBM Db2 using Vault's LDAP secrets engine.
---

# IBM db2

Access to Db2 is managed by facilities that reside outside the Db2 database system. By
default, user authentication is completed by a security facility that relies on operating
system based authentication of users and passwords. This means that the lifecycle of user
identities in Db2 aren't capable of being managed using SQL statements and Vault's
database secrets engine.

To provide flexibility in accommodating authentication needs, Db2 ships with authentication
[plugin modules](https://www.ibm.com/docs/en/db2/11.5?topic=ins-ldap-based-authentication-group-lookup-support)
for Lightweight Directory Access Protocol (LDAP). This enables the Db2 database manager to
authenticate users and obtain group membership defined in an LDAP directory, removing the
requirement that users and groups be defined to the operating system.

Vault's [LDAP secrets engine](/vault/docs/secrets/ldap) can be used to manage the lifecycle
of credentials for Db2 environments that have been configured to delegate user authentication
and group membership to an LDAP server.

## Tutorial

Refer to the [IBM Db2 Credential Management](/vault/tutorials/secrets-management/ibm-db2-openldap)
tutorial to learn how to use Vault to manage both static and dynamic credentials for access to Db2.
